> I imagine the Plumbers & Electricians Union must have used similar
> arguments to enclose the business to themselves, and keep out unlicensed
> newcomers.  "No longer acceptable" indeed.  Too much competition boys?

The world might be better off if you couldn't call something
"secure" unless it came from a certificated security programmer.
Just like you don't want your house wired by a Master Electrician, who has
been proven to have experience and knowledge of the wiring code -- i.e.,
both theory and practice.

Yes, it sometimes sucks to be a newcomer and treated with derision unless you
can prove that you understand the current body of knowledge.  We should
all try to be nicer.  But surely you can understand a cryptographer's
frustration when a VPN -- what does that P stand for? -- shows flaws
that are equivalent to a syntax error in a Java class.

Perhaps it would help to think of it as defending the field.  When
crap and snake-oil get out, even well-meaning crap and snake-oil,
the whole profession ends up stinking.

PS:  As for wanting to avoid the "client-server" distinction in SSL/TLS,
     just require certs on both sides and do mutual authentication.
     The bytestream above is already bidirectional.

Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to